ulex/windows_defender_performance_tool

Windows Defender Performance Tool

A .NET application that monitors Windows Defender ETW events and visualizes scan durations in real time using a stacked bar chart. It can also visualize snapshots recorded offline with the New-MpPerformanceRecording PowerShell cmdlet.

Features

  • Listens to Microsoft-Antimalware-Engine/StreamScanRequestTask/Stop ETW events
  • Displays scan durations per process in a stacked bar chart
  • Drag and drop files or folders onto the window to trigger an immediate scan of the dropped items
  • CSV export when more than one snapshot is dragged to the window

About scan duration

Windows Defender emits ETW start and stop events per scan operation. The durations shown are therefore wall-clock time, not CPU time - if the OS scheduler preempts the Defender thread in between, the reported duration will exceed the actual CPU time consumed.
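
An added example, not code from this repository: one way to derive per-process wall-clock totals from paired start and stop events, counting events whose partner fell outside the trace instead of guessing a duration for them. The `ScanEvent` record, its `ScanId` correlation key and the sample events are constructed assumptions; the real ETW payload fields are not shown on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample events (timestamps in ms since the trace started).
var events = new[]
{
    new ScanEvent("Stop",  9, "node.exe",     5.0),  // its Start predates the trace
    new ScanEvent("Start", 1, "msbuild.exe", 10.0),
    new ScanEvent("Start", 2, "git.exe",     15.0),
    new ScanEvent("Stop",  2, "git.exe",     18.0),
    new ScanEvent("Stop",  1, "msbuild.exe", 42.5),
    new ScanEvent("Start", 3, "msbuild.exe", 50.0),
    new ScanEvent("Stop",  3, "msbuild.exe", 57.5),
    new ScanEvent("Start", 4, "node.exe",    60.0),  // still open when the trace ended
};

var totals = ScanDurations.PerProcess(events, out var unpaired);
foreach (var (process, ms) in totals.OrderByDescending(kv => kv.Value))
    Console.WriteLine($"{process,-12} {ms,8:F1} ms wall-clock");
Console.WriteLine($"unpaired events ignored: {unpaired}");

// Hypothetical event shape used only by this example.
record ScanEvent(string Opcode, long ScanId, string Process, double TimestampMs);

static class ScanDurations
{
    // Pairs Start/Stop by ScanId and sums elapsed (wall-clock) time per process.
    // Time the scanning thread spent preempted is included in each duration.
    public static Dictionary<string, double> PerProcess(
        IEnumerable<ScanEvent> events, out int unpaired)
    {
        var open = new Dictionary<long, ScanEvent>();
        var totals = new Dictionary<string, double>(StringComparer.OrdinalIgnoreCase);
        unpaired = 0;
        foreach (var ev in events.OrderBy(x => x.TimestampMs))
        {
            if (ev.Opcode == "Start") { open[ev.ScanId] = ev; continue; }
            if (ev.Opcode != "Stop") continue;
            // A Stop without a recorded Start cannot be measured; count it and move on.
            if (!open.Remove(ev.ScanId, out var start)) { unpaired++; continue; }
            totals.TryGetValue(start.Process, out var sum);
            totals[start.Process] = sum + (ev.TimestampMs - start.TimestampMs);
        }
        unpaired += open.Count; // Starts that never saw a Stop
        return totals;
    }
}
```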

License

MIT

About

Real-time Windows Defender scan performance monitor
